author | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-01-30 16:35:31 +0200 |
---|---|---|
committer | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-01-30 16:35:31 +0200 |
commit | 6af66b1106e67a8dc467a70e8e57d7963b09936b (patch) | |
tree | b613295c180469e2643a982195ff409ef86b4dbc /inc | |
parent | f4fbfaa7cbaaf07aae7d8f0533d293fa4dc605cc (diff) | |
fix of bug #368 Endless redirects or user doesn't exist with basic authentication
Diffstat (limited to 'inc')
-rw-r--r-- | inc/poche/Database.class.php | 11 | ||||
-rw-r--r-- | inc/poche/Poche.class.php | 19 |
2 files changed, 18 insertions, 12 deletions
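--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -165,9 +165,14 @@ class Database {
 }
 }
 
-public function login($username, $password) {
-$sql = "SELECT * FROM users WHERE username=? AND password=?";
-$query = $this->executeQuery($sql, array($username, $password));
+public function login($username, $password, $isauthenticated=false) {
+if ($isauthenticated) {
+$sql = "SELECT * FROM users WHERE username=?";
+$query = $this->executeQuery($sql, array($username));
+} else {
+$sql = "SELECT * FROM users WHERE username=? AND password=?";
+$query = $this->executeQuery($sql, array($username, $password));
+}
 $login = $query->fetchAll();
 
 $user = array();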
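Review bot: The new `$isauthenticated` branch in `Database::login()` returns the user row on the username alone, so the password check now rests entirely on the caller's claim that the web server has already authenticated the request. In this commit that claim comes from `credentials()` in Poche.class.php, which sets it whenever `$_SERVER['PHP_AUTH_USER']` or `$_SERVER['REMOTE_USER']` is present. PHP can fill `PHP_AUTH_USER` from the request's own Authorization header when the server is not configured to enforce Basic auth, so the variable being set does not prove that anyone verified the user. I would make the passwordless lookup an explicit deployment opt-in (a config setting that is off by default; none is visible in this diff) and document the contract above the method, e.g. `// $isauthenticated: pass true ONLY when the web server has already verified this user (HTTP auth enforced upstream); the password check is skipped`. The body of `login()` continues past the end of the hunk.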
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index e9b14121..77361ef7 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
@@ -692,17 +692,17 @@ class Poche | |||
692 | */ | 692 | */ |
693 | private function credentials() { | 693 | private function credentials() { |
694 | if(isset($_SERVER['PHP_AUTH_USER'])) { | 694 | if(isset($_SERVER['PHP_AUTH_USER'])) { |
695 | return array($_SERVER['PHP_AUTH_USER'],'php_auth'); | 695 | return array($_SERVER['PHP_AUTH_USER'],'php_auth',true); |
696 | } | 696 | } |
697 | if(!empty($_POST['login']) && !empty($_POST['password'])) { | 697 | if(!empty($_POST['login']) && !empty($_POST['password'])) { |
698 | return array($_POST['login'],$_POST['password']); | 698 | return array($_POST['login'],$_POST['password'],false); |
699 | } | 699 | } |
700 | if(isset($_SERVER['REMOTE_USER'])) { | 700 | if(isset($_SERVER['REMOTE_USER'])) { |
701 | return array($_SERVER['REMOTE_USER'],'http_auth'); | 701 | return array($_SERVER['REMOTE_USER'],'http_auth',true); |
702 | } | 702 | } |
703 | 703 | ||
704 | return array(false,false); | 704 | return array(false,false,false); |
705 | } | 705 | } |
706 | 706 | ||
707 | /** | 707 | /** |
708 | * checks if login & password are correct and save the user in session. | 708 | * checks if login & password are correct and save the user in session. |
@@ -713,18 +713,19 @@ class Poche | |||
713 | */ | 713 | */ |
714 | public function login($referer) | 714 | public function login($referer) |
715 | { | 715 | { |
716 | list($login,$password)=$this->credentials(); | 716 | list($login,$password,$isauthenticated)=$this->credentials(); |
717 | if($login === false || $password === false) { | 717 | if($login === false || $password === false) { |
718 | $this->messages->add('e', _('login failed: you have to fill all fields')); | 718 | $this->messages->add('e', _('login failed: you have to fill all fields')); |
719 | Tools::logm('login failed'); | 719 | Tools::logm('login failed'); |
720 | Tools::redirect(); | 720 | Tools::redirect(); |
721 | } | 721 | } |
722 | if (!empty($login) && !empty($password)) { | 722 | if (!empty($login) && !empty($password)) { |
723 | $user = $this->store->login($login, Tools::encodeString($password . $login)); | 723 | $user = $this->store->login($login, Tools::encodeString($password . $login), $isauthenticated); |
724 | if ($user != array()) { | 724 | if ($user != array()) { |
725 | # Save login into Session | 725 | # Save login into Session |
726 | $longlastingsession = isset($_POST['longlastingsession']); | 726 | $longlastingsession = isset($_POST['longlastingsession']); |
727 | Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user))); | 727 | $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login); |
728 | Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user))); | ||
728 | $this->messages->add('s', _('welcome to your poche')); | 729 | $this->messages->add('s', _('welcome to your poche')); |
729 | Tools::logm('login successful'); | 730 | Tools::logm('login successful'); |
730 | Tools::redirect($referer); | 731 | Tools::redirect($referer); |